An Advanced BGP Configuration

Figure 10-2 shows a network that consists of two offices connected to two different ISPs. The offices run OSPF between themselves and use BGP to exchange routes with the ISPs. The two offices are part of a single autonomous system, AS 3000. Each ISP has its own AS number (100 and 200). Office 1 has a single router, which takes care of all its needs. Office 2 has two routers: office2-r1 runs OSPF only and is responsible only for interior routing; office2-r2 provides the connection to the outside world through ISP2. On office1-r1, we need to configure eBGP to exchange routes with ISP1. Likewise, we must configure office2-r2 to exchange routes with ISP2. We want to implement a simple routing policy that prevents the ISPs from using our network to send packets to other autonomous networks. That is, we don't want transit traffic flowing through our sitewe want only traffic that is destined for our network.

Figure 10-2. BGP network with two service providers

The transit-traffic filtering is accomplished by using AS path filters , which we discussed in a previous section. On both routers, the filtering takes place in AS path access list 1. This is a simple access list: all we need to do is permit routes that originated within our local autonomous system. Our AS number happens to be 3000, but that's not important for writing the filterwe just need to realize that the regular expression ^$ matches routes that originated within our autonomous system, and no others.

Here's the configuration for office1-r1. It runs OSPF (process ID 1001) for communicating with the other office, and it sets up an eBGP connection to AS 100 (ISP1) and an iBGP connection to the office2-r2 router (AS 3000). The filter list that prevents transit traffic is applied to outbound updates destined for ISP1. If we don't tell ISP1 about any routes that don't originate from our own AS, ISP1 will be unable to route transit traffic through our network.

The configuration for office2-r2 is similar to the configuration for office1-r1. Again, this router needs an OSPF process for interior routing. The process number is 1001, which matches the process number on the other routers. For BGP, we set up an eBGP connection to the ISP2 router (AS 200) and an iBGP connection to office1-r1 (AS 3000). The route filtering is identical.

Finally, to make sure both links work, we can run a quick test on office2-r1. This test is limited, in that it really tests only our OSPF configuration, but it gives us more confidence that the network as a whole is running. First, show ip route on office2-r1 shows that it prefers office2-r2 as its default router:

Figure 10-2 shows a network with links to two different providers. We've already seen configurations that get the network up and running. Now, we would like to give one provider preference over the other for outbound traffic. Let's assume that ISP1 is more reliable so, whenever possible, we want to send our traffic over its network. To do this, we use a route map to modify the local preference metric so that we prefer routes to ISP1. Remember that the local preference metric stays local to our networkthat is, we never send the local preference outside of our ASbut is shared among the routers within our AS.

In office2-r2, we add a route map named CHANGE_LOCAL_PREF. This map sets the local preference for routes through ISP2 to 50, making ISP1 more preferable than ISP2. (The default local preference is 100, and higher preferences are better.) The configuration change means that even if we have to traverse our WAN link between the offices, we will use ISP1 rather than ISP2. Here are the changes to the configuration for office2-r2:

! While we're at it, we need to make sure OSPF picks the right ISP as
! well, so we'll increase the metric for the default route here
! to 1000.
router ospf 1001
network 192.168.2.0 0.0.0.255 area 0
default-information originate metric 1000
!
! In our BGP configuration, the only change is the addition of the route
! map for neighbor 172.30.2.1. Everything else is the same as it was
! before.
router bgp 3000
neighbor 172.30.2.1 route-map CHANGE_LOCAL_PREF in
!
! Finally, we create our route map to change the local preference for
! neighbor 172.30.2.1
route-map CHANGE_LOCAL_PREF permit 10
set local-preference 50

show ip bgp on office2-r2 shows that the local preference for the route has indeed changed: